The automotive sector shields itself from cyberattacks

The recurrence of cyber incidents—discussed previously in this blog—has also become a reality for the automotive world, which is undergoing an intense transformation thanks to the digitalization of its systems.

It is necessary to ensure consumer protection from cyberattacks on internet-connected vehicles, increasing the vehicle’s safety and control in view of this type of threats. Dangers for connected cars include access to users’ personal data, theft of vehicles accessed without a key, or takeover of a vehicle’s system.

Aware of this reality, different countries have already started to take measures. In 2017, the United Kingdom published governmental guidelines based on the key principles of vehicle cyber security for connected and automated vehicles. These guidelines oblige manufacturers to ensure data protection and control of vehicles in the case of cyberattacks and to continuously assess the possible risks that may arise, also regulating the possible liabilities arising from their production.

Three years later, 53 United Nations Member States have approved an agreement in this sense, and, in 2021, two new regulations on cyber security and software updates will come into effect in an attempt to deal with this undeniable threat. In general, these regulations impose various obligations on vehicle manufacturers (who must in turn ensure that their suppliers adopt the pertinent security measures). The regulations essentially focus on (i) managing cyber risks; (ii) securing vehicles by design to mitigate risks along the value chain; (iii) detecting and responding to incidents; (iv) providing safe and secure software updates; and (v) documenting the measures implemented and constantly reporting to the authorities.

These regulations constitute a milestone in this context, as they are the first harmonized and binding international regulations addressing the undeniable risks that cyberattacks pose in the automotive world.

By Ana Sánchez